Security holes in VGA setuid-root utils

Post by Beeblebr » Tue, 19 Jul 1994 00:46:31




>I would recommend against having these VGA utilities setuid-root.  In fact,
>I set mine to be runnable by no one EXCEPT root.

There's nothing wrong with it being setuid so long as it is only group
executable.  It should be executable by the group of usercodes which have
access to your machine's console.  This is necessary and sufficient, since
only people who have access to console should run them and anyone with access
to console has as good as got root access anyway (not necessarily but
certainly with all current distributions).

As usual, make sure that only people who need to have access to programs have
access to them.

Of course, since you'll have the source, you could always fix the security
hole.
___

C++ consultant and emacs support.         Mail me if you have any problems.

 
 
 

1. Security holes in VGA setuid-root utils

My site was broken into a few months ago using one of the VGA utilities in
/usr/bin that was setuid-root.  It has a hole which allows any file
(/etc/passwd in my case) to be overwritten.  I have since then removed the
setuid bit from it and other programs.

I would recommend against having these VGA utilities setuid-root.  In fact,
I set mine to be runnable by no one EXCEPT root.  Someone could break in
from offsite and tweak your VGA settings, preventing you from seeing what's
being done!  Has anyone else had experience with this hole?

Josh

--
       ______   printf("\x1B[1;35m\x1F\x1B[0m");            "Look to the/\
JoSH Lehan  /                                                future!"--/{}\

         \/                                  ^^^ Try Linux instead.  /______\
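
The two permission schemes discussed in this thread (setuid but executable only by a console group, and no setuid with root-only execution), as an added example that is not part of either post. The function names, the scratch file names and the `console` group mentioned in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and the group name are assumptions.

# Print setuid files under directory $1 that "other" may execute,
# i.e. the configuration both posters advise against.
world_exec_setuid() {
    find "$1" -type f -perm -4000 -perm -0001 -print 2>/dev/null | sort
}

# Reply's scheme: keep setuid, allow execution only by owner and group
# (mode 4750, rwsr-x---). $1 = file, $2 = optional group to assign.
# chgrp runs first because changing ownership may clear the setuid bit.
restrict_to_group() {
    if [ -n "${2:-}" ]; then
        chgrp "$2" "$1" || return 1
    fi
    chmod 4750 "$1"
}

# Original poster's scheme: no setuid bit, runnable by the owner only (0700).
owner_only() {
    chmod 0700 "$1"
}

# True if $1 is setuid and not executable by "other".
is_group_restricted() {
    [ -n "$(find "$1" -prune -type f -perm -4000 ! -perm -0001 -print)" ]
}

# Demo on constructed files in a scratch directory (no real binaries touched).
demo() {
    d=$(mktemp -d) || return 1
    for f in vgatool-a vgatool-b; do : > "$d/$f"; chmod 4755 "$d/$f"; done
    echo "before:"; world_exec_setuid "$d"
    restrict_to_group "$d/vgatool-a"   # real system: restrict_to_group FILE console
    owner_only "$d/vgatool-b"
    echo "after:"; world_exec_setuid "$d"
    rm -rf "$d"
}

# Run the demo only when explicitly requested, e.g. `sh audit.sh demo`.
if [ "${1:-}" = "demo" ]; then demo; fi
```

Running `world_exec_setuid /usr/bin` as an audit lists the candidates to review; the two `chmod` helpers need root when applied to root-owned files.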
